Wireless LANs have serious security flaws

Computer scientists at the University of California at Berkeley have sounded new warnings about the vulnerabilities of wireless LANs, saying flaws in a common encryption algorithm pose major security issues.

The Internet, Security, Applications, Authentication and Cryptography (ISAAC) research group said in a report posted on the Web last Friday that it had “discovered a number of flaws” in the Wired Equivalent Privacy (WEP) 40-bit algorithm used to secure all IEEE 802.11 standard wireless LANs. These flaws, the ISAAC report added, “seriously undermine the security claims of the system.”

Wireless LANs have a number of vulnerabilities, the report said, including passive attacks to decrypt traffic based on statistical analysis. WEP also has flaws that make it easier to inject unauthorized traffic from mobile base stations or launch active attacks to decrypt traffic by tricking the access point (the base station), the report said.

Industry officials dismissed the report as old news, adding that the IEEE and manufacturers are already taking steps to beef up security. However, analysts said the ISAAC report is the first to illustrate how easy it is to hack wireless LANs.

This security warning comes as wireless LANs, which provide high-speed connections today at 10M bit/sec., continue to gain popularity in the enterprise and home markets, where an investment of less than US$1,000 can provide a LAN without cables to cover a whole house. Gartner Group Inc. is expected to release a study later this week forecasting that more than half of the Fortune 1,000 companies will have deployed wireless LANs within the next two years.

The proliferation of enterprise wireless LANs demands increased security because every laptop equipped with a wireless PC LAN card is a potential “sniffer,” said John Pescatore, a security analyst at Stamford, Conn.-based Gartner. A sniffer is software, typically used for hacking, that monitors network traffic for passwords, credit-card numbers or other potentially useful data.

Pescatore said he has received reports of employees from one company eating lunch outdoors at an office park and picking up signals from a LAN operated by another company. “You can’t read the [encrypted] traffic, but you can see the packets,” he said. Pescatore said he believes the underground hacker community is hard at work developing downloadable scripts to tap into wireless LANs, and he predicts that such tools will be available this year.

“Within six months, ‘script kiddies’ are going to be able to drive around corporate campuses” and easily tap or spoof networks, Pescatore said. “That’s why we have been telling our clients for a long time that if they’re serious about using [wireless LANs], they have to protect them.”

Phil Belanger, chairman of the Mountain View, Calif.-based Wireless Ethernet Compatibility Alliance, downplayed the ISAAC report, saying “this is not new news.” IEEE has a group working to beef up wireless LAN security, he added. But, he said, users, especially enterprise users, need to understand that the WEP protocol was designed to provide a level of security equivalent to an unencrypted wired LAN. Enterprise users should add further security measures to their wireless LANs, he advised, including using longer 128-bit encryption keys and exchanging data over a virtual private network (VPN) “tunnel” when using a wireless LAN.

The IEEE 802.11 security working group is developing additional enhancements, including longer keys and a media access control, as well as modifying protocols to make wireless LANs more resistant to attack.

Vendors started taking steps last year to enhance wireless LAN security. For example, the Orinoco division of Lucent Technologies Inc. introduced new products that provide automatic encryption key generation and distribution of enhanced keys on a per-session basis. Last month, Cisco Systems Inc. introduced new enterprise wireless LAN products with enhanced security.

Gemma Paulo, an analyst at Cahners In-Stat Group in Scottsdale, Ariz., agreed on the need for beefed-up security in corporate wireless LANs, saying, “You need more security in enterprises, and vendors are mixing and matching solutions, such as VPNs and longer keys.”